Jobs · Information Technology · California

Director, Information Technology

Karman Space & Defense · Huntington Beach, CA · 1 wk ago
On-siteInformation TechnologyFull-time

CMMC, NIST, DFARS, and CUI Compliance

  • Drive alignment with NIST 800-171, DFARS cybersecurity requirements, CUI handling expectations, and related defense industrial base compliance obligations.
  • Own cybersecurity compliance planning, remediation tracking, evidence collection, policy alignment, and assessment readiness.
  • Partner with site leaders, Engineering, Operations, Corporate Security, Legal, and IT teams to ensure CUI controls are practical, understood, and consistently executed.
  • Coordinate with consultants, assessors, auditors, and internal stakeholders to support mock assessments, readiness reviews, and certification activities.
  • Provide clear status reporting on CMMC progress, open risks, blockers, remediation needs, and required leadership decisions.

Cybersecurity Risk and Governance

  • Establish and mature cybersecurity governance, risk management, policy, standards, and control processes.
  • Identify, assess, prioritize, and communicate cybersecurity risks in business terms.
  • Partner with the CIAIO and technology leadership team to ensure cybersecurity is embedded into technology strategy, enterprise platforms, infrastructure, AI enablement, and integration efforts.
  • Support security and compliance considerations in vendor management, cloud platforms, ERP/business systems, M&A integration, and site standardization.
  • Maintain discipline around cybersecurity exceptions, risk acceptance, remediation ownership, and executive visibility.

Identity, Vulnerability, and Security Operations

  • Lead identity and access management risk oversight, including privileged access, account lifecycle controls, access reviews, and user access governance.
  • Drive vulnerability management strategy, prioritization, remediation tracking, and SLA discipline.
  • Partner with Infrastructure & Site Operations to strengthen endpoint security, network security, M365 / GCC High security posture, asset management, and monitoring.
  • Improve operational security processes, including alert triage, incident escalation, control monitoring, and remediation follow-through.
  • Help reduce security backlog and improve visibility into the highest-risk vulnerabilities and control gaps.

SOX ITGC, Audit, and Control Readiness

  • Support IT compliance activities related to SOX IT general controls, including access management, change management, backup/recovery, system operations, and evidence production.
  • Partner with Finance, Internal Audit, Business Systems, and external auditors to ensure IT controls are documented, repeatable, and audit-ready.
  • Align CMMC, SOX, cybersecurity, and resilience activities where possible to reduce duplication and improve control efficiency.
  • Establish repeatable processes for control testing, issue remediation, evidence management, and audit support.

Incident Response, Resilience, and Business Continuity

  • Own cybersecurity incident response planning, playbooks, escalation protocols, tabletop exercises, and post-incident improvement actions.
  • Partner with infrastructure, business systems, operations, and site leadership on disaster recovery, backup strategy, business continuity, and resilience planning.
  • Ensure critical systems and regulated business processes have appropriate recovery and continuity plans.
  • Improve organizational readiness to detect, respond to, recover from, and learn from cybersecurity incidents.

Team Leadership and Development

  • Build, lead, and mature the Cybersecurity, Compliance & Resilience function.
  • Provide leadership for cybersecurity GRC, security engineering, identity, vulnerability management, and incident response capabilities.
  • Create a culture of accountability, urgency, transparency, compliance discipline, and practical risk management.
  • Partner with peer technology leaders to stabilize, standardize, prioritize, and scale the broader CIAIO organization.

Similar jobs